package com.example.demo.ShiroConfig;

import org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/**
 * ClassName:shiroConfig
 * Package:com.example.demo.ShiroConfig
 * Description:
 *
 * @date:2019/12/13 9:06
 * @author:
 */
@Configuration
public class shiroConfig {
    /**
     * 创建ShiroFactoryBean
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager")
                                  DefaultWebSecurityManager securityManager){
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();

        //设置安全管理器
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        //添加shiro 的内置过滤器（实现权限相关的拦截）
        Map<String,String> filterMap = new LinkedHashMap<String,String>();

        //放行页面
//        filterMap.put("/login","anon");
        filterMap.put("/login","anon");
        filterMap.put("/loginNoPwd","anon");
//      filterMap.put("/logout","anon");

        // 静态资源放行
        filterMap.put("/static/zTree_v3/**", "anon");


        //授权拦截器
        filterMap.put("/user/**","perms[Admins]");


        filterMap.put("/**", "authc");

        //修改调整的登录页面
        shiroFilterFactoryBean.setLoginUrl("/tologin");
        //设置未授权页面
        shiroFilterFactoryBean.setUnauthorizedUrl("/toError");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
        return shiroFilterFactoryBean;
    }


    /**
     * 密码匹配凭证管理器
     *
     * @return
     */
    @Bean(name = "customCredentialsMatch")
    public CustomCredentialsMatch hashedCredentialsMatcher() {
        CustomCredentialsMatch customCredentialsMatch = new CustomCredentialsMatch();
        // 采用MD5方式加密
        customCredentialsMatch.setHashAlgorithmName("MD5");
        // 设置加密次数
        customCredentialsMatch.setHashIterations(0);
        return customCredentialsMatch;
    }

    /**
     * 创建DefaultwebSecurityManager
     */
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager getSecurityManager(@Qualifier("customCredentialsMatch") CustomCredentialsMatch match){
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setAuthenticator(modularRealmAuthenticator());
        List<Realm> realms=new ArrayList<>();
        realms.add(myRealm(match));
        realms.add(pwdRealm());
        securityManager.setRealms(realms);
//        //关联realm
//        securityManager.setRealm(myRealm(customCredentialsMatch));
        return securityManager;
    }

    /**
     * 系统自带的Realm管理，主要针对多realm 认证
     */
    @Bean
    public ModularRealmAuthenticator modularRealmAuthenticator() {
        //自己重写的ModularRealmAuthenticator
        UserModularRealmAuthenticator modularRealmAuthenticator = new UserModularRealmAuthenticator();
        modularRealmAuthenticator.setAuthenticationStrategy(new AtLeastOneSuccessfulStrategy());
        return modularRealmAuthenticator;
    }


    /**
     * 创建realm
     */
    @Bean(name = "myRealm")
    public NOPASSWD myRealm(CustomCredentialsMatch match){
        NOPASSWD realm = new NOPASSWD();
        realm.setCredentialsMatcher(match);
        return realm;
    }

    /**
     * 创建realm
     */
    @Bean
    public PASSWORD pwdRealm(){
        PASSWORD realmPASSWORD = new PASSWORD();
        realmPASSWORD.setCredentialsMatcher(hashedCredentialsMatcher());
        return new PASSWORD();
    }



}
